add bandit code analysis #251
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test and Deploy bioimageio.core | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ "**" ] | |
defaults: | |
run: | |
shell: micromamba-shell {0} | |
jobs: | |
black: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: psf/black@stable | |
with: | |
options: "--check" | |
src: "." | |
jupyter: true | |
version: "24.3" | |
bandit: | |
needs: black | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
steps: | |
- name: Perform Bandit Analysis | |
uses: PyCQA/bandit-action@v1 | |
test-spec-conda: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Conda environment with Micromamba | |
if: matrix.python-version != '3.8' | |
uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-wo-python.yaml | |
create-args: >- | |
python=${{ matrix.python-version }} | |
post-cleanup: 'all' | |
- name: Install py3.8 environment | |
if: matrix.python-version == '3.8' | |
uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-py38.yaml | |
post-cleanup: 'all' | |
- name: additional setup | |
run: pip install --no-deps -e . | |
- name: Get Date | |
id: get-date | |
run: | | |
echo "date=$(date +'%Y-%b')" | |
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@v4 | |
with: | |
path: bioimageio_cache | |
key: "test-spec-conda-${{ steps.get-date.outputs.date }}" | |
- name: pytest-spec-conda | |
run: pytest --disable-pytest-warnings | |
env: | |
BIOIMAGEIO_CACHE_PATH: bioimageio_cache | |
test-spec-main: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.8', '3.12'] | |
include: | |
- python-version: '3.12' | |
is-dev-version: true | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Conda environment with Micromamba | |
if: matrix.python-version != '3.8' | |
uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-wo-python.yaml | |
create-args: >- | |
python=${{ matrix.python-version }} | |
post-cleanup: 'all' | |
- name: Install py3.8 environment | |
if: matrix.python-version == '3.8' | |
uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-py38.yaml | |
post-cleanup: 'all' | |
- name: additional setup spec | |
run: | | |
conda remove --yes --force bioimageio.spec || true # allow failure for cached env | |
pip install --no-deps git+https://github.com/bioimage-io/spec-bioimage-io | |
- name: additional setup core | |
run: pip install --no-deps -e . | |
- name: Get Date | |
id: get-date | |
run: | | |
echo "date=$(date +'%Y-%b')" | |
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@v4 | |
with: | |
path: bioimageio_cache | |
key: "test-spec-main-${{ steps.get-date.outputs.date }}" | |
- name: pytest-spec-main | |
run: pytest --disable-pytest-warnings | |
env: | |
BIOIMAGEIO_CACHE_PATH: bioimageio_cache | |
- if: matrix.is-dev-version && github.event_name == 'pull_request' | |
uses: orgoro/[email protected] | |
with: | |
coverageFile: coverage.xml | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- if: matrix.is-dev-version && github.ref == 'refs/heads/main' | |
run: | | |
pip install genbadge[coverage] | |
genbadge coverage --input-file coverage.xml --output-file ./dist/coverage/coverage-badge.svg | |
coverage html -d dist/coverage | |
- if: matrix.is-dev-version && github.ref == 'refs/heads/main' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage | |
retention-days: 1 | |
path: dist | |
test-spec-main-tf: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.9', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-tf.yaml | |
condarc: | | |
channel-priority: flexible | |
create-args: >- | |
python=${{ matrix.python-version }} | |
post-cleanup: 'all' | |
- name: additional setup spec | |
run: | | |
conda remove --yes --force bioimageio.spec || true # allow failure for cached env | |
pip install --no-deps git+https://github.com/bioimage-io/spec-bioimage-io | |
- name: additional setup core | |
run: pip install --no-deps -e . | |
- name: Get Date | |
id: get-date | |
run: | | |
echo "date=$(date +'%Y-%b')" | |
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@v4 | |
with: | |
path: bioimageio_cache | |
key: "test-spec-main-tf-${{ steps.get-date.outputs.date }}" | |
- run: pytest --disable-pytest-warnings | |
env: | |
BIOIMAGEIO_CACHE_PATH: bioimageio_cache | |
test-spec-conda-tf: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.9', '3.12'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-file: dev/env-tf.yaml | |
condarc: | | |
channel-priority: flexible | |
create-args: >- | |
python=${{ matrix.python-version }} | |
post-cleanup: 'all' | |
- name: additional setup | |
run: pip install --no-deps -e . | |
- name: Get Date | |
id: get-date | |
run: | | |
echo "date=$(date +'%Y-%b')" | |
echo "date=$(date +'%Y-%b')" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@v4 | |
with: | |
path: bioimageio_cache | |
key: "test-spec-conda-tf-${{ steps.get-date.outputs.date }}" | |
- name: pytest-spec-tf | |
run: pytest --disable-pytest-warnings | |
env: | |
BIOIMAGEIO_CACHE_PATH: bioimageio_cache | |
conda-build: | |
runs-on: ubuntu-latest | |
needs: test-spec-conda | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install Conda environment with Micromamba | |
uses: mamba-org/setup-micromamba@v1 | |
with: | |
cache-downloads: true | |
cache-environment: true | |
environment-name: build-env | |
condarc: | | |
channels: | |
- conda-forge | |
create-args: | | |
boa | |
- name: linux conda build | |
run: | | |
conda mambabuild -c conda-forge conda-recipe | |
docs: | |
needs: [test-spec-main] | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: coverage | |
path: dist | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
- run: pip install -e .[dev] | |
- name: Generate developer docs | |
run: ./scripts/pdoc/run.sh | |
- run: cp README.md ./dist/README.md | |
- name: copy rendered presentations | |
run: | | |
mkdir ./dist/presentations | |
cp -r ./presentations/*.html ./dist/presentations/ | |
- name: Deploy to gh-pages 🚀 | |
uses: JamesIves/github-pages-deploy-action@v4 | |
with: | |
branch: gh-pages | |
folder: dist |